Use WanaKiwi and WannaKey Decryption Tools to Unlock Files Encrypted by WannaCry Ransomware

If you were not lucky enough to escape the ferocious WannaCry ransomware attack last week, there may now be some hope of regaining control of the precious data the ransomware encrypted, and without paying the ransom.

Security researchers around the world have been working extensively to devise a way to decrypt the data on infected systems. Now a French security researcher from Quarkslab, Adrien Guinet, has successfully retrieved the encryption keys used by WannaCry ransomware without paying the ransom.

How does WannaCry encrypt and decrypt files in the background?

The moment your system is infected by WannaCry ransomware, it starts encrypting your files. A “public key” and a “private key” are used to encrypt and decrypt the files. To create these keys, the ransomware uses prime numbers.

After all the files are encrypted, both the private and public keys are securely deleted. Without these keys, the encrypted files cannot be decrypted.

But Guinet found a weakness in this process. Even though the public and private keys are deleted, the prime numbers used to recreate those encryption keys are not erased from the system's memory until and unless you restart your system.

Guinet used this discovery to create a tool called WannaKey. But this WannaCry decryption tool is of no use if you have restarted your system after it was infected by the virus.

That rules out the majority of users, who have rebooted their systems, from getting their files unlocked.
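The following added example, which is not code from WannaKey, WanaKiwi or the original article, shows why a prime left in memory is enough: it scans a constructed memory buffer for a value that divides the public modulus and rebuilds the private exponent from it. The toy primes, the little-endian layout and the exponent 65537 are assumptions made for the illustration.

```python
# Added illustration: rebuild an RSA private key from a prime left in memory.
# Every value below is constructed toy data, not taken from WannaCry.

E = 65537                      # assumed public exponent
P = 2**61 - 1                  # toy prime (8 bytes little-endian)
Q = 2**89 - 1                  # second toy prime
N = P * Q                      # public modulus, which the victim still has
PRIME_LEN = 8                  # size of the window to test, in bytes


def find_prime(memory: bytes, n: int, prime_len: int):
    """Return (offset, p) for the first window whose value divides n."""
    for off in range(len(memory) - prime_len + 1):
        # Assumption: the prime is stored as a little-endian integer.
        cand = int.from_bytes(memory[off:off + prime_len], "little")
        if 1 < cand < n and n % cand == 0:
            return off, cand
    return None


def rebuild_key(n: int, e: int, p: int) -> dict:
    """Derive the other prime and the private exponent d from one prime."""
    q = n // p
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse (Python 3.8+)
    return {"n": n, "e": e, "d": d, "p": p, "q": q}


def recover_from_dump(memory: bytes, n: int, e: int, prime_len: int):
    hit = find_prime(memory, n, prime_len)
    if hit is None:
        return None            # prime no longer in memory, e.g. after a reboot
    return rebuild_key(n, e, hit[1])


# Constructed "memory dumps": one still holds the prime, one does not.
LIVE_DUMP = bytes(range(1, 38)) + P.to_bytes(PRIME_LEN, "little") + b"\x00" * 16
REBOOTED_DUMP = bytes(range(1, 38)) + b"\x00" * 24

if __name__ == "__main__":
    key = recover_from_dump(LIVE_DUMP, N, E, PRIME_LEN)
    msg = 0x57414E41                                  # constructed test value
    assert pow(pow(msg, E, N), key["d"], N) == msg    # key round-trips
    print("prime found at offset", find_prime(LIVE_DUMP, N, PRIME_LEN)[0])
    print("rebooted dump:", recover_from_dump(REBOOTED_DUMP, N, E, PRIME_LEN))
```

The second dump returns nothing, which is the rebooted-system case described above: once the memory holding the prime is gone, the search has nothing to find.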

WanaKiwi: WannaCry Ransomware Decryption Tool.

Another security researcher, Benjamin Delpy, taking a cue from Guinet's findings, developed a more effective WannaCry decryption tool called “WanaKiwi”. With this simple-to-use command-line tool, there is a greater chance of decrypting the files on an infected system.

According to Mr. Suiche, the tool works on all the affected operating systems, such as Windows XP, Windows 7 and Windows Server 2003.

A word of caution: this tool might not work on 100% of the systems infected by the ransomware because of system dependencies. Still, it is a positive start in the fight against this unruly ransomware attack.

We hope that hard-working security researchers develop more sophisticated tools to take back control of infected systems.